I am tasked with rerouting the office's HTTP/HTTPS traffic out of an internal proxy first before it heads out our gateway. My office setup is LAN L3 switches --> Router --> ASA.

I am guessing this needs to be done on the LAN L3 switches as this is an internal proxy. From doing some digging around I think a route map of some sort will need to be applied/SDM Prefer enabled as well.

I would also like to maybe test this with just my static IP first before rolling it out to my whole office.

Below is what I am thinking about configuration-wise. Would this config work? Thanks.

7 Replies


Basically you are setting up a MITM device. It can be set up as transparent through the firewall with SSL filtering, or as a Squid-type server. However, they will need to trust the SSL of that device to be able to filter it out.
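
The redirection asked about in the question, limited to one test workstation, could look like the following on a Cisco IOS L3 switch. This is an added example, not a configuration posted by anyone in the thread; the addresses, VLAN number, ACL name and route-map name are all placeholders chosen for illustration.

```cisco
! Added example. Every name and address below is an assumption:
!   10.10.10.25 = the single test workstation (static IP)
!   10.10.20.5  = the internal proxy, on a different subnet from the clients
!   Vlan10      = SVI where the workstation's traffic enters the L3 switch

! Some Catalyst platforms only support PBR with a routing SDM template.
! The template change takes effect after a reload.
sdm prefer routing

! Match only web traffic sourced from the test workstation.
ip access-list extended PROXY-TEST
 permit tcp host 10.10.10.25 any eq 80
 permit tcp host 10.10.10.25 any eq 443

! Matched packets are forwarded to the proxy. Anything that does not
! match the ACL falls through to the normal routing table.
route-map WEB-TO-PROXY permit 10
 match ip address PROXY-TEST
 set ip next-hop 10.10.20.5

! Policy routing is evaluated inbound, so apply it on the client-facing SVI.
interface Vlan10
 ip policy route-map WEB-TO-PROXY

! Checks to run after applying:
!   show sdm prefer                (confirms the active template)
!   show ip policy                 (confirms the route-map is bound to Vlan10)
!   show route-map WEB-TO-PROXY    (match counters should rise during a test)
```

Because the ACL matches a single source host, only that workstation is redirected and the proxy's own outbound traffic is never sent back to itself. For the TCP 443 entry to be useful, the proxy has to run in intercept mode and the workstation has to trust the proxy's certificate, as the reply above points out.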